问题
I'm searching for an elegant way to not allow specific EntityTypes to be expanded in BreezeJS. We have a (somewhat) public Web Service that we are exposing, and there are some tables that we don't want to be visible to some consumers of that service. Although we can only expose Web API Methods for those specific tables, consumers of the service could still access those tables by expanding from related tables.
Note: I've posted an answer to this question, giving a work-around. However, I'm interested if anyone out there knows a more elegant way of skinning this particular cat.
回答1:
On the UserVoice page for requesting this feature to be formally added to Breeze, Ward Bell suggests a decent work-around:
Meanwhile, in your controller you can examine the query string from the request for presence of $select and $expand and throw an exception if you see it.
I'm guessing this would look something like this:
[HttpGet]
public IQueryable<Widget> Widgets() {
if (!string.IsNullOrEmpty(HttpContext.Current.Request.QueryString["$expand"]))
{
throw new Exception("Ah ah ah, you didn't say the magic word!");
}
return _contextProvider.Context.Widgets;
}
...to block all Expands, or something more specific to block the Expand of Features, itself. This isn't too shabby but not quite "elegant".
(Yes, that is a Jurassic Park reference.)
来源:https://stackoverflow.com/questions/14647623/do-not-allow-expands-for-specific-entitytypes-in-breeze